防止服务器端目录遍历
Apache
修改站点目录对应的配置文件
原
<Directory /> Options +Indexes +FollowSymLinks # 将 "+" 与 Indexes 去掉即可限制列出目录索引 AllowOverride All Order allow,deny Allow from all Require all granted </Directory>
修改后
<Directory /> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all Require all granted </Directory>
或者在站点每个目录下创建一个index.html
Tomcat
修改conf/web.xml配置文件
原
<init-param> <param-name>listings</param-name> <param-value>true</param-value> <!-- 将true改为false --> </init-param>
修改后
<init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param>
Nginx
修改conf/nginxconf配置文件
location / { index index.html index.htm index.php l.php; autoindex on; }
修改后
location / { index index.html index.htm index.php l.php; autoindex off; }
IIS
- 设置“目录浏览”权限